For outgoing traffic:
Create a rule for all UDP and TCP ports for Telavox networks 220.127.116.11/20.
For this rule, there should be a Timeout (TTL) of at least 3720 seconds, as our phones contact us every 3600 seconds. If you can not increase your TTL, contact our support and we can reduce the registration interval on the extension to 120 seconds.
For incoming traffic:
No rules are needed here because the session is initiated from within the network. Disable all ALG / SIP functions and Application Control on the traffic to Telavox if this is in the firewall. These usually do more harm than good.
Complete information about our network:
Netmask: 255.255.240.0 = 20
Hosts / Net: 4094
Terminals and provisioning:
The following ip/ranges and ports needs to be open for the zero-touch provisioning to work
Gigaset redirect server
18.104.22.168 - 22.214.171.124 (126.96.36.199/27) Port: 80, 443
188.8.131.52 - 184.108.40.206 (220.127.116.11/27) Port: 80, 443
18.104.22.168 - 22.214.171.124 (126.96.36.199/27) Port: 80, 443
Yealink redirect server
IP: 188.8.131.52 Port: 443
IP: 184.108.40.206 Port: 443
Snom redirect server
IP: 220.127.116.11 Port: 80, 443
Grandstream redirect server
IP: 18.104.22.168 Port: 443
Akuvox redirect server
IP: 22.214.171.124 Port: 80, 443, 8080
Fanvil redirect server
IP: 126.96.36.199 Port: 80, 443
Telavox provisioning server:
Gigaset: 188.8.131.52/20 Port:80
Yealink: 184.108.40.206/20 Port:442
Snom: 220.127.116.11/20 Port:447
Grandstream: 18.104.22.168/20 Port:1446
Akuvox: 22.214.171.124/20 Port:1445
Fanvil: 126.96.36.199/20 Port:1448
Below are the protocols used by equipment supplied by Telavox, as well as a description of their function. Different terminal types use different protocols, e.g. HTTPS is preferred for downloading software over e.g. TFTP and HTTP, but in cases where the terminal does not support HTTPS, one of the others is used. Telavox does not recommend blocking traffic to and from terminals based on ports and / or protocols, but rather chooses to trust all traffic to and from Telavox networks. Telavox also does not undertake to use only the protocols below for the future, so a restriction of permitted traffic through firewalls based on the following risks affecting delivered services in the event that the specification below changes. Note that the ports listed in all cases are receiver ports, as a rule rather than exceptions, the equipment uses randomly selected sender ports.
File Transfer Protocol, RFC959, TCP ports 21 and 20. Used to download terminal configuration and software.
Domain Name Server, RFC1035, TCP / UDP port 53. DNS functionality is part of a working IP network and the terminals provided by Telavox will not work unless they have access to a working DNS. In the case where the DNS is located outside the firewall, the firewall must allow the terminals to look it up.
Our provisioned phones are configured with Google's DNS 188.8.131.52 and 184.108.40.206
Hyper Text Transfer Protocol, RFC2616, TCP port 80. Used to download terminal configuration and software. No specific configuration is normally required for HTTP to work satisfactorily as this is one of the most commonly used protocols on the Internet.
Hyper Text Transfer Protocol over Secure Socket Layer, RFC2818, TCP port 443. Used to download terminal configuration and software.
Trivial File Transfer Protocol, RFC1350, UDP port 69 and dynamically allocated ports for data transfer. Used to download terminal configuration and software.
SNTP / NTP
Simple Network Time Protocol, RFC1305 / RFC1361, UDP port 123. Used to set the time / clock in the terminal.
Session Initiation Protocol, RFC3261, UDP port 5060. Used to hook up and down calls. SIP traffic runs between our SIP server and the phone. This is by far the most important protocol for your telephony to work.
Real Time Transfer Protocol, RFC1889, UDP port 1024-65535. The audio stream between the terminal and the phone during a call flows as RTP. The port used is randomized when a call is initiated. All terminals supplied by Telavox use symmetrical RTP, which means that the receiver and sender port for the RTP stream are the same for both incoming and outgoing audio stream. This means that the audio stream that goes from the terminal to us opens the session in the firewall to also allow incoming voice stream over the same session.
Secure Real-Time Transfer Protocol. Still transported over UDP but both parties of the call have exchanged keys during the connection of the call in the SIP dialogue to enable encryption.
Real Time Control Protocol, RFC3550, UDP port 1024-65535. Some terminals generate RTCP packets that are used in the communication between RTP endpoints to convey local statistics and call data such as information about jitter and any packet losses. This is selected as the RTP port + 1, ie. if the RTP stream passes port 12480, RTCP will use UDP port 12481.
WSS web socket
WSS used by our softphone "Telavox desktop" and uses port 8443 against "push servers" and port 443 for SIP.